# Policies workspace

## Purpose

- Author, simulate, review, approve, and promote stella-dsl policy packs.
- Integrate with policy runs, findings, and audit bundles.

## Access and dependencies

- Routes: /console/policies, /console/policies/:policyId, /console/policies/:policyId/:revision.
- Scopes: policy:read, policy:author, policy:review, policy:approve, policy:operate, policy:simulate, policy:audit.
- Depends on Policy Engine APIs, Policy Studio editor assets, Authority fresh-auth.
- Feature flags: policy.studio.enabled, policy.simulation.diff, policy.runCharts.enabled, policy.offline.bundleUpload.

## List and detail views

- Columns: policy name and ID, state, revision digest, owner, last change, pending approvals.
- Row actions: open, duplicate, export pack, run simulation, compare revisions.
- Filters: team, state, tags, pending approvals, simulation warnings.
- Detail header shows active/staged revision, simulation status, last run duration and determinism hash.

## Editor shell

- Context banner with tenant, policy ID, revision digest.
- Inline lint and compile status with timestamps.
- Checklist sidebar for lint, simulation, determinism, security review.
- Monaco editor with schema hovers and snippets.
- Autosave every 30 seconds with conflict warnings.

## Simulation workflows

- Simulation runs async against selected SBOM sets.
- Diff view shows added, removed, and severity changes.
- Side-by-side compare active vs simulation.
- Simulation results cached per draft revision and expire after the retention window.
- CLI parity: stella policy simulate --policy --sbom .

## Review and approval

- Review requests include reviewers, due dates, and escalation contacts.
- Threaded comments with markdown and attachments.
- Approval checklist: lint pass, fresh simulation, determinism check, security review.
- Fresh-auth required for approve and promote actions.
- Approval events record correlation IDs and digests.

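The approval rules above expressed as a server-side gate, in an added example that is not part of the Policies workspace code. The `ApprovalRequest` shape, the checklist key names, and the 300-second fresh-auth window are assumptions, not values from the product.

```python
import logging
from dataclasses import dataclass, field

log = logging.getLogger("policy.approval")

# Checklist items named on this page; the key spellings are assumptions.
CHECKLIST = ("lint", "simulation", "determinism", "security_review")
FRESH_AUTH_MAX_AGE_S = 300  # assumed window; the page gives no value


@dataclass
class ApprovalRequest:
    actor: str
    scopes: set
    auth_age_s: int            # seconds since the actor last re-authenticated
    revision_digest: str       # digest of the revision being approved
    simulated_digest: str      # digest the latest simulation ran against
    checklist: dict = field(default_factory=dict)  # item -> passed?


def approval_denials(req: ApprovalRequest) -> list:
    """Return every reason the approval must be refused (empty list = allow)."""
    reasons = []
    if "policy:approve" not in req.scopes:
        reasons.append("missing scope policy:approve")
    if req.auth_age_s > FRESH_AUTH_MAX_AGE_S:
        reasons.append("fresh-auth required")
    for item in CHECKLIST:
        if req.checklist.get(item) is not True:
            reasons.append(f"checklist item not passed: {item}")
    # A simulation of an older draft does not count as fresh.
    if req.simulated_digest != req.revision_digest:
        reasons.append("simulation is stale for this revision")
    return reasons


def approve(req: ApprovalRequest) -> bool:
    reasons = approval_denials(req)
    if reasons:
        # Denied attempts are logged, with the digest for correlation.
        log.warning("approval denied actor=%s digest=%s reasons=%s",
                    req.actor, req.revision_digest, reasons)
        return False
    log.info("approval recorded actor=%s digest=%s", req.actor, req.revision_digest)
    return True
```

Collecting every denial reason instead of stopping at the first gives the reviewer one complete list to act on and gives the audit log a full record of why the attempt was refused.
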
## Promotion and rollout

- Promotion dialog summarizes staged changes, target tenants, and run plan.
- Schedule or apply immediately; run progress shown in the UI.
- Rollback guidance links to CLI commands.

## Runs and observability

- Runs tab lists full, incremental, and simulation runs with determinism hashes.
- Charts for findings trend, quieted trend, rule hit heatmap.
- Run detail drawer links to evidence bundles and policy logs.

## RBAC and governance

- Roles: author, reviewer, approver, operator, auditor, admin.
- UI disables actions without required scopes and logs denied attempts.

## Exports and offline bundles

- Export pack downloads zip with metadata and digests.
- Offline bundle upload verifies signatures before apply.
- Explain bundle export packages run traces for audit.
- CLI parity: stella policy export, stella policy bundle import/export.

## Offline behavior

- Sealed mode disables direct promotion and uses offline job manifests.
- Simulation warns when enrichment data is stale.
- Run charts use snapshot data and manual refresh.
- Exports default to local paths for transfer.